Re: Nagios check_logfiles can control EventID Error codes?
Posted: Tue Apr 15, 2014 4:17 am
by feltham99
Re: Nagios check_logfiles can control EventID Error codes?
Posted: Tue Apr 15, 2014 4:39 pm
by tmcdonald
Well looking over the documentation:
http://labs.consol.de/lang/en/nagios/check_logfiles/
it doesn't appear that there is a way to filter by ID, however you can specify a pattern for both warning and crit and if the error code appears in the actual text you might be able to work off that.
Re: Nagios check_logfiles can control EventID Error codes?
Posted: Wed Apr 16, 2014 2:42 am
by feltham99
tmcdonald wrote:Well looking over the documentation:
http://labs.consol.de/lang/en/nagios/check_logfiles/
it doesn't appear that there is a way to filter by ID, however you can specify a pattern for both warning and crit and if the error code appears in the actual text you might be able to work off that.
There is a way to filter by ID by this syntax:
exclude => {
    eventid => 1058,
},
but I asked to filter error codes of an event that you find in its details, like I showed before ....
Re: Nagios check_logfiles can control EventID Error codes?
Posted: Wed Apr 16, 2014 2:26 pm
by tmcdonald
feltham99 wrote:
exclude => {
eventid => 1058,
},
That looks like perl code but you linked us to a Windows binary. Are you sure you sent us the right link?
Re: Nagios check_logfiles can control EventID Error codes?
Posted: Thu Apr 17, 2014 3:55 am
by feltham99
That is a Microsoft binary plugin and was installed on the host monitored with NSClient++:
C:\Program Files\NSClientNME32\plugins\check_logfiles.exe
and it controls its event viewer by rules written in a .cfg file, like I show below, I think:
C:\nagios.cfg\check_logfiles_GROUPP
@searches = ({
    tag => 'System',
    type => 'eventlog',
    options => 'eventlogformat="%w src:%s id:%i %m",nosavethresholdcount',
    eventlog => {
        eventlog => 'System',
        include => {
            eventtype => 'error',
            eventid => '1058',
            operation => 'and',
        },
    },
    criticalthreshold => 6,
    criticalpatterns => '.*'
})
Re: Nagios check_logfiles can control EventID Error codes?
Posted: Thu Apr 17, 2014 4:57 pm
by tmcdonald
I'll admit you've got us all a little stumped.
What exactly is the C:\nagios.cfg\check_logfiles_GROUPP you mention? That really shouldn't even exist. In addition, what is NSClientNME32? There is no mention of that on Google.
Re: Nagios check_logfiles can control EventID Error codes?
Posted: Thu Apr 17, 2014 5:00 pm
by sreinhardt
It does not appear that by default you can filter by error code, but only these things:
Code:
The formatstring knows the following tokens:
%t EventType
%i EventID
%s Source
%c Category
%w Timewritten
%g TimeGenerated
%m Message
You should be able to expand upon that with regex though, as it seems to support a whole lot of that.
Re: Nagios check_logfiles can control EventID Error codes?
Posted: Fri Apr 18, 2014 3:34 am
by feltham99
Thanks all for supporting me, no way .....
sreinhardt, what is regex?
Re: Nagios check_logfiles can control EventID Error codes?
Posted: Fri Apr 18, 2014 11:13 am
by tmcdonald
regex is a short name for "regular expressions". Basically they are a way of defining a pattern, and seeing if a text string fits that pattern:
A pattern of "cat" would fit the following strings:
cat
a cat
cat food
catch
tomcat
As you can see, it does not matter where "cat" appears as long as it does. This is an incredibly simple explanation for as complex an issue as regex.
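Added example (not part of the thread and not check_logfiles code): a small Python model of the approach suggested above, expanding the eventlogformat tokens into one line per event and applying a pattern to that line. The sample events, the `code=` message wording and the helper names are constructed for illustration; it also shows why an unanchored pattern over-matches, the same way "cat" fits "catch".

```python
import re

# Format tokens as listed in the thread for eventlogformat.
TOKENS = {
    "t": "EventType", "i": "EventID", "s": "Source", "c": "Category",
    "w": "Timewritten", "g": "TimeGenerated", "m": "Message",
}

def render(fmt, event):
    """Expand %x tokens from an event dict; unknown tokens are left untouched."""
    def sub(m):
        key = TOKENS.get(m.group(1))
        return str(event[key]) if key else m.group(0)
    return re.sub(r"%([A-Za-z])", sub, fmt)

def matching_lines(events, fmt, pattern):
    """Return the formatted lines in which the pattern occurs anywhere."""
    rx = re.compile(pattern)
    return [line for line in map(lambda e: render(fmt, e), events)
            if rx.search(line)]

def make_event(event_id, message):
    # Constructed sample event; only the fields used by the format matter here.
    return {"EventType": "Error", "EventID": event_id, "Source": "Userenv",
            "Category": "None", "Timewritten": "2014-04-17 03:55:00",
            "TimeGenerated": "2014-04-17 03:55:00", "Message": message}

EVENTS = [
    make_event(1058, "constructed message, code=5"),
    make_event(1058, "constructed message, code=53"),
    make_event(1030, "constructed message, code=5"),
]

FMT = "%w src:%s id:%i %m"                 # format string from the posted config
LOOSE = r"code=5"                          # also fits code=53 and other event IDs
STRICT = r"id:1058 .*code=5\b"             # ties the code to one event ID

if __name__ == "__main__":
    for name, pat in (("loose", LOOSE), ("strict", STRICT)):
        print(name, matching_lines(EVENTS, FMT, pat))
```

Because the event ID is part of the formatted line (`id:%i`), a single pattern can require both the ID and the code from the message text.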